Re: [dns-operations] signing reverse zones

2014-02-11 Thread Chris Thompson
On Feb 10 2014, Mark Boolootian wrote: I'm interested in knowing if it is standard practice amongst folks to sign .arpa zones. Is there a compelling use case for signing reverse zones? We sign our (public) reverse zones. So if it isn't standard practice, it ought to be :-) The RIRs invested

Re: [dns-operations] signing reverse zones

2014-02-11 Thread cgielen+dnsoarc
On 11-02-14 00:47, Mark Boolootian wrote: > I'm interested in knowing if it is standard practice amongst folks to > sign .arpa zones. Is there a compelling use case for signing reverse > zones? If it's worth publishing, it's worth securing. Besides, differentiating between zones that are signed

Re: [dns-operations] signing reverse zones

2014-02-11 Thread Peter Koch
On Mon, Feb 10, 2014 at 03:47:57PM -0800, Mark Boolootian wrote: > I'm interested in knowing if it is standard practice amongst folks to > sign .arpa zones. probably no more or less than for the forward tree. I find ~ 2000 IN-ADDR.ARPA and IP6.ARPA zones with key material registered in the RIPE d

Re: [dns-operations] BIND, Knot and NSD behaviour on zone expiry

2014-02-11 Thread Peter Koch
On Mon, Feb 10, 2014 at 11:52:11PM +0100, Anand Buddhdev wrote: > The zone's operator had accidentally set its serial in the future, and > then set it back, not realising that they should have performed a serial > roll-over. this is the core of the problem. There might be more than one appropriat

Re: [dns-operations] BIND, Knot and NSD behaviour on zone expiry

2014-02-11 Thread Christian Petrasch
Hi Anand, I discussed this topic with a bunch of guys of our DNS team. And my and my teammates' humble opinion is, that the behaviour of Knot is sth. we should have a second look. There are a few words .. At first the zone data this server is delivering after expiring the zone is old data an